Classifications

• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
  • G07C9/00—Individual registration on entry or exit
  • G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
  • G07C9/00817—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the lock can be programmed

Definitions

• a lock system and a method of configuring a lock system FIELD OF INVENTION The present invention relates generally to lock systems 5 and more particularly to a lock system which can be set up in an easy and yet secure way and be operated with a high security level.
• BACKGROUND Electronic or electro-mechanical lock systems having 0 locks or the like that are connected to a central computer or system by means of a cable network have been in use for many years.
• the operation of these systems are managed from the central computer which communicate the applicable rules via a local network (LAN) to 5 individual door access control (DAC) units.
• the DAC units in turn communicate e.g. log information to the central computer.
• One way of achieving secure communication on a pre- existing network is to use encrypted data for communication between the central computer and the individual DAC units.
• the different units communicating must have encryp ion/decryption keys installed. These keys could be installed by skilled personnel that provide each and every unit with the required keys .
• One problem associated with this solution is that the persons normally installing such lock systems are not skilled personnel in the sense that they are not familiar with computer hardware and software. Thus, installation of encryption/decryption keys would be performed by expensive personnel in a separate step after the physical installation of the system, leading to increased costs. Also, the use of individuals for installing software is a security risk in itself.
• a problem in prior art is thus to provide a lock system which shows a high degree of security while the installation and set-up of the system can be effected in an easy way.
• An object of the present invention is to provide a lock system wherein the prior art drawbacks are avoided and in which encryption keys can be installed in an easy and yet secure way. This means that one specific object is that installation of components must be as simple as possible.
• Another object is that security breach by customer mistakes must not affect other customers or the manufacturer.
• Yet another object is to provide a system and method wherein existing standards and implementations are used as much as possible.
• Still yet another object is to provide a method wherein system requirements are kept as small as possible.
• the invention is based on the realisation that the use of certificates in combination with asymmetric and symmetric encryption in a lock system provides a secure yet efficient solution to the above described problem.
• a unique symmetric encryption key is used for each door access control unit. This ensures that the integrity of the lock system is maintained in the case one or more of the DAC units are taken over by a fraudulent person trying to gain unauthorized access to the premise in which the lock system is installed. Further preferred embodiments are defined by the dependent claims .
• fig. 1 is an overall view of a the hardware including a manufacturer and customer lock systems
• fig. 2 is a block diagram showing a Public Key Infrastructure implemented in the lock system according to the invention.
• fig. 3 is a simplified diagram showing the different steps in the method according to the invention.
• fig. 4 is a detailed diagram showing the different steps in the method according to the invention.
• lock system is intended to cover all types of electronic lock systems wherein the door access units control electronic or electro-mechanical locks, card readers, panic buttons etc. (not shown in the figures) and is thus not limited to systems comprising conventional lock cylinders or the like.
• FIG. 1 It is there shown a manufacturer computer system 10, which comprises computer hardware with peripherals etc. and access to the Internet.
• the manufacturer computer system runs software adapted for processing of customer certificates.
• the management system is divided into a front end system that collects signature request and a back end system that holds the manufacturer's private key used for signing of a customer public key.
• the subsystem that contain the private key responsible for signing customers' certificate is not exposed to public networks .
• a number of customer lock systems each comprises a customer management computer 110 connected to a plurality of door access control (DAC) units 120 via a local area network (LAN) 130.
• DAC door access control
• LAN local area network
• Ethernet-based but the invention does not exclude other kinds of networks.
• the management computer 110 is the computer wherein all rules relating to the lock system 100 is managed and stored. These rules can be related to which individuals are authorised to open which doors , temporal restrictions to access to doors etc. These rules are downloaded to the individual DAC units 120 which effect the physical control of the doors by means of actuators etc.
• the present invention uses the well-known Public Key Infrastructure (PKI) which uses techniques for public- key encryption, also referred to as asymmetric encryption.
• PKI Public Key Infrastructure
• each entity has a public key and a corresponding private key.
• the public key defines an encryption transformation
• the private key defines the associated decryption transformation.
• Any entity wishing to send a message to another entity A obtains an authentic copy of A's public key, uses the encryption transformation to obtain the cipher text, and transmits this cipher text to A. To decrypt the cipher text, A applies the decryption transformation to obtain the original message.
• the public key need not be kept secret, and, in fact, may be widely available — only its authenticity is required to guarantee that A is indeed the only party who knows the corresponding private key.
• a primary advantage of such systems is that providing authentic public keys is generally easier than distributing secret keys securely, as required in symmetric key systems.
• A's encryption transformation is public knowledge, public-key encryption alone does not provide data origin authentication or data integrity. Such assurances must be provided through use of additional techniques, including message authentication codes and digital signatures. Public-key encryption schemes are typically substantially slower than symmetric-key encryption algorithms .
• Public-key decryption may also provide authentication guarantees in entity authentication and authenticated key establishment protocols.
• the Public Key Infrastructure in a lock system will now be described with reference to fig. 2, wherein part of the environment shown in fig. 1 is detailed. More specifically, the manufacturer computer system 10, a management computer 110, and a DAC unit 120 are shown therein, but not the physical interconnections (the Internet, LAN). It is here seen that the manufacturer functions as an upper level Certificate Authority - CA level 1 - and the lock system owner as a lower level CA — CA level 2. To achieve a scalable installation of the DAC units 120 and to restrict problems of a comprised management computer to a customer domain, part of the PKI have been arranged as this hierarchy.
• the manufacturer public key is installed in the DAC unit at a trusted factory.
• a security feature is boot-strapped into the DAC units in the form of a certificate trusting the manufacturer's software. This means that the DAC units' software can only be installed under the manufacturer's control.
• Each and every DAC unit 120 is thus provided with the manufacturer public key. This is a more efficient and reliable way than providing the public key when the DAC unit already has been installed.
• This method also provides DAC units that are essentially identical before delivery, facilitating logistics and storage.
• each DAC unit is provided with a unique serial number. However, this is not important for the present invention.
• the temporary installer application is capable of verifying the manufacturer's signature of the customer's public key and could verify that the certificate presented by the management computer 110 has been signed by the manufacturer computer 10.
• the manufacturer public certificate is bundled with the installer image, which is signed by manufacturer private key.
• the customer receives a certificate signed by the manufacturer.
• This certificate is delivered on-line through a procedure, wherein the receiver is obliged to identify himself or herself. More specifically, the receiver is indicated in the certificate as attributes. This ensures that a specific individual is responsible, increasing the security level of the inventive concept.
• the certificate signed by the manufacturer is used in a further step to install a certificate trusting the customer. In that way, the customer gets full control of the system except for software updating, see below.
• a lock system owner buys the management computer software and obtains media together with a unique code
• the name of the lock system owner is registered in the manufacturer computer 10 together with the software version.
• the lock system owner is then instructed to contact the manufacturer to get its management computer public key signed by the manufacturer, i.e., the upper level CA.
• the lock system owner's management computer public certificate is then added in a database located in the manufacturer computer 10.
• the management computer 110 When the lock system owner installs the lock system software or when the lock system 100 is about to be set up, the management computer 110 generates a symmetric encryption key pair and makes available the certificate signed by the manufacturer. In that way, the management computer 110 becomes a CA of itself.
• the installer program image that has been installed in the DAC unit accepts the management computer public certificate signed by the manufacturer.
• An encrypted and authenticated channel is then established, such as by means of an SSL-session using asymmetric encryption, between the management computer and the DAC unit.
• the DAC unit then installs the symmetric secret key from the management computer. From this moment asymmetric methods are replaced by symmetric by terminating the asymmetrically encrypted channel and establishing a symmetrically encrypted tunnel and the DAC unit could thereafter only be controlled by the management computer to prevent hostile takeover from other management computer systems.
• the factory installed manufacturer public key remains in the DAC unit to verify software from the manufacturer. This prevents customers to remote install unauthorized software in the DAC unit.
• Asymmetric encryption is more demanding on hardware, which is inconvenient when taking hardware costs into consideration. This is one reason why the lock system according to the invention operates in a secure yet efficient way.
• the manufacturer public key is distributed on-line.
• the manufacturer public key can also be distributed on compact disc, for example, when the software product is purchased.
• Further communication between the manufacturer and the customer can be on-line by means of the Internet, for example, or by means of other media, such as compact disks .
• the receiver of the manufacturer certificate is indicated as attributes in the certificate.
• each certificate has a unique serial number distinguishing it from other certificates. It is also preferred that the certificate is protected by means of some kind of password, such as a PIN code.
• the manufacturer computer system and management computers have been described as interconnected via the Internet. It will be appreciated that some of the management computers are not connected to the outside. In that case communication between the manufacturer computer system and management computers can be effected via other media, such as diskettes,' compact discs etc.
• manufacturer computer system has been described as one single computer. It will be appreciated that there can be more than one computer at the manufacturer having different functions.

Landscapes

• Physics & Mathematics (AREA)
• General Physics & Mathematics (AREA)
• Lock And Its Accessories (AREA)
• Storage Device Security (AREA)
• Exchange Systems With Centralized Control (AREA)
• Maintenance And Management Of Digital Transmission (AREA)
• Computer And Data Communications (AREA)
• Automobile Manufacture Line, Endless Track Vehicle, Trailer (AREA)
• Interface Circuits In Exchanges (AREA)
• Input Circuits Of Receivers And Coupling Of Receivers And Audio Equipment (AREA)

Applications Claiming Priority (2)

Publications (2)

Family

ID=29398746

Family Applications (1)

Country Status (7)

Families Citing this family (19)

Family Cites Families (4)

• 2003
  • 2003-10-16 SE SE0302733A patent/SE525847C2/sv not_active IP Right Cessation
• 2004
  • 2004-10-12 AT AT04775530T patent/ATE451672T1/de not_active IP Right Cessation
  • 2004-10-12 DE DE602004024567T patent/DE602004024567D1/de active Active
  • 2004-10-12 AU AU2004281437A patent/AU2004281437A1/en not_active Abandoned
  • 2004-10-12 EP EP04775530A patent/EP1678683B1/fr active Active
  • 2004-10-12 WO PCT/SE2004/001448 patent/WO2005038727A1/fr active Application Filing
  • 2004-10-18 WO PCT/SE2004/001491 patent/WO2005038728A1/fr active Application Filing
• 2006
  • 2006-05-15 NO NO20062179A patent/NO336212B1/no unknown

Non-Patent Citations (1)

Also Published As

Similar Documents

Legal Events